Network administrators (e.g., administrators of enterprise-level networks, such as banking networks, e-Commerce networks, etc.) often hire third-party cybersecurity companies to monitor and respond to threats. Thus, those responding to security incidents are often located remotely from the network rather than within it. Nevertheless, when a possible threat is detected, security incident responders need to be able to perform forensic investigations on nodes within the network, e.g., by inquiring into events at the nodes. But because network nodes are often isolated from (e.g., remote from) the servers used by security incident responders (e.g., isolated by a firewall), it is difficult for these remote servers to communicate directly with nodes within the network. Network administrators simply do not want to allow direct communication of remote computers with nodes within their networks if the channels of communication cannot be trusted.